
2

How is this not constructive, @random?
– Dan Dascalescu Jul 17 '14 at 5:10

2 Answers
2

Nowadays one can use industry-grade encryption via 'AES', which is used everywhere (and is under heavy attack but, as it seems, pretty hard to attack). As the site you cited stated: the weakest spot is in the passphrase, and the rules you mentioned especially address that problem.

These rules do not apply to the passphrase for the old encryption, since that old encryption was very weak in itself, no matter if you choose a good password or not.

The statement of "the problem is removed due ..." is not true, since the real solution to encrypt ZIP files securely is to choose a strong encryption algorithm AND a strong password. The strongest password is worth nothing if the encryption algorithm is weak.

Some good insights and links. But did you really answer my question? It's a bit unclear.
– Nifle May 25 '10 at 16:51

I think it is: a) you can now choose a better encryption cypher (aes256 instead of pkzip-homebrew-whatever) and b) I stated that the problem was not removed by choosing a better passphrase but by picking a better cypher (see a)).
– akira May 25 '10 at 20:16

3

@Nifle, it did. Zip encryption was bad because the algorithm was rubbish. In newer versions of zip, you can now choose from more secure algorithms. As long as you select one of the secure algorithms, then the security is no worse than other similar products. Standard security issues like choice of passphrase and implementation aside. I.e., the weakest chain is no longer in the algorithm used.
– KTC May 26 '10 at 16:21

There is another bit you neglected to mention, that AES is a block cipher, and can only encrypt fixed-length blocks of data. Thus, to encrypt longer files, fancy schemes have been developed to generate new keys for every block. Unfortunately, developers occasionally overlook this, and make their software encrypt every block with the same keys, see [en.wikipedia.org/wiki/Cipher-block_chaining]
– Eroen Feb 25 '12 at 9:22

Symmetric encryption is problematic. It's well and good to say, "Just use Waq3$f^t>p~6pWr as your password, and you're fine!" but you're leaving a huge door open to social engineering and user carelessness.

So I would say, hypothetically, assuming a first class password, you're okay using symmetric key encrypted zip programs that offer proven encryption algorithms, but in the real world the dependence on password strength is a huge weakness.

@Akira: I didn't say it was bad, I said it was problematic and it is. With public key (asymmetric) encryption, you have a constant level of security. If you have a 1024 bit key, your data is 1024 bit encrypted.

With symmetric key encryption you can have godlike security (1024 character password) or worthless security (1 character password), and you have no control over which you're going to end up with.

(Note: I didn't bother to talk about compromised keys because that affects both methods equally.)

@Nifle: Agreed. Key exchange is the problem with public key crypto, but it's a much more reliable method. I tend to recommend against symmetric key encryption because it makes people think they're safe, when they may not be.

@Akira: Not sure what you're talking about, frankly. Just because private keys are often secured with a passphrase as an additional safeguard doesn't mean that symmetric/asymmetric encryption is "using symmetric keys for the real encryption." Asymmetric encryption uses two different keys: one for encryption, one for decryption. And calling higher bit encryption snake-oil is disingenuous at best: if that were the case then aes128 would be the same as aes256.

And comparing a one-time pad to any kind of machine crypto displays the worst sort of ignorance. They're secure because they're pure random noise of the kind that computers, by their very nature, are unable to produce. You're saying that, because one kind of symmetric key encryption is secure, then all kinds of symmetric key encryption are secure, which is an utter fallacy. And worse, you're holding the otp up against asymmetric encryption when they have the EXACT same key exchange problem!

@satanicpuppy: The only problem with symmetric encryption is the key exchange, and that's exactly what asymmetric encryption solves: the key exchange. Not the "symmetric encryption is bad" part.
– akira May 25 '10 at 17:15

Unfortunately exchanging public keys with co-workers and clients is a non-trivial task. So symmetric encryption is here to stay until Microsoft includes support for some PGP flavour natively (and per default) in Outlook.
– Nifle May 25 '10 at 17:15

@satanicpuppy: gpg encrypts only the symmetric keys via asymmetric encryption; it uses the symmetric keys for the real encryption. The best encryption you can get is a one-time-pad .. which is symmetric encryption. So, do not fall into the trap of the oil-snake-high-bits-for-keys is in any ways safer than the currently used symmetric cyphers as aes256 etc. The asymmetric keys are normally secured by symmetric encryption (passphrases) ...
– akira May 25 '10 at 20:11

@satanicpuppy: "GnuPG is a hybrid encryption software program in that it uses a combination of conventional symmetric-key cryptography for speed, and public-key cryptography for ease of secure key exchange, typically by using the recipient's public key to encrypt a session key which is only used once. This mode of operation is part of the OpenPGP standard and has been part of PGP from its first version"
– akira May 26 '10 at 14:22